Red Canary’s syslog integration allows you to send syslog messages to a syslog receiver as part of an automation playbook.

The most common use of the syslog action is sending data to a SIEM or log collection platform, though we recommend using webhooks whenever possible because they are more modern, customizable, and reliable.

Send a syslog message as part of an automation playbook

1. Within any playbook, click Add Action.
2. Click Syslog and then click Send Syslog Message.
3. Click Add to Playbook.
4. Specify the Server Domain/IP that is configured to receive messages. If you use source restriction, the IP addresses from which communications must be authorized are listed.
5. Specify the Server Port that messages should be sent to.
6. Specify whether connections to untrusted servers will be allowed or not.
7. Select the protocol for sending.
8. Select the Syslog Program, Syslog Facility, and Syslog Severity that you want messages from Red Canary to use.
9. Specify the syslog Message that you want sent to the syslog receiver.
10. Click Save.

What if my syslog server doesn’t support TLS/SSL?

Be very careful about the security of any application that is exposed to the internet. At a minimum, use IP source restrictions to only allow traffic from trusted sources (the IP addresses used by Red Canary are specified on the syslog action configuration form).

To disable Red Canary’s TLS/SSL requirement, set the Protocol to TCP or UDP.